Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Spurious expired crates.io certificate on CI #63510

Closed
pietroalbini opened this issue Aug 13, 2019 · 4 comments
Closed

Spurious expired crates.io certificate on CI #63510

pietroalbini opened this issue Aug 13, 2019 · 4 comments
Labels
A-spurious Area: Spurious failures in builds (spuriously == for no apparent reason) C-bug Category: This is a bug. T-infra Relevant to the infrastructure team, which will review and decide on the PR/issue.

Comments

@pietroalbini
Copy link
Member

We encountered multiple spurious failures while trying to download crates from crates.io, related to an expired certificate. This is probably something happening on the CI VMs, as the crates.io certificate is expiring in a few months (maybe the clock goes back to the epoch for whatever reason?).

    Updating crates.io index
 Downloading crates ...
error: failed to sync

Caused by:
  failed to download from `https://crates.io/api/v1/crates/openssl-src/111.1.0+1.1.1a/download`

Caused by:
  [60] SSL peer certificate or SSH remote key was not OK (SSL certificate problem: certificate has expired)

cc @Mark-Simulacrum @sgrif
@pietroalbini pietroalbini added A-spurious Area: Spurious failures in builds (spuriously == for no apparent reason) T-infra Relevant to the infrastructure team, which will review and decide on the PR/issue. C-bug Category: This is a bug. labels Aug 13, 2019
@pietroalbini pietroalbini mentioned this issue Aug 13, 2019
Merged
@alexcrichton
Copy link
Member

Another report of this at https://bugzilla.mozilla.org/show_bug.cgi?id=1573324, and this is happening all across the community on CI I'm seeing as well, it's not just our own CI. One instance is this build - https://dev.azure.com/alexcrichton/openssl-src-rs/_build/results?buildId=769

@sgrif
Copy link
Contributor

sgrif commented Aug 13, 2019

I've opened a support ticket with Heroku and refreshed the certificate in the meantime (hopefully that clears out whatever cache is stale)

Centril added a commit to Centril/rust that referenced this issue Aug 14, 2019
@Centril
Rollup merge of rust-lang#63511 - pietroalbini:pa-ci-date, r=Mark-Sim…
051598b 
…ulacrum

ci: add a check for clock drift

Recently we encountered multiple spurious failures where the crates.io
certificate was reported as expired, even though it's currently due to
expire in a few months. This adds some code to our CI to check for clock
drifts, to possibly find the cause or rule out a bad VM clock.

cc rust-lang#63510
r? @Mark-Simulacrum
@sgrif
Copy link
Contributor

sgrif commented Aug 14, 2019

If folks are continuing to see this, please comment here

@sgrif sgrif mentioned this issue Aug 15, 2019
Closed
@sgrif
Copy link
Contributor

sgrif commented Aug 19, 2019

This appears to be resolved, please reach out to me if this happens again.

@sgrif sgrif closed this as completed Aug 19, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-spurious Area: Spurious failures in builds (spuriously == for no apparent reason) C-bug Category: This is a bug. T-infra Relevant to the infrastructure team, which will review and decide on the PR/issue.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alexcrichton @sgrif @pietroalbini